Specifications
10
White Paper: Canon imageRUNNER/imagePRESS Security
IP Address Range Settings
Using the RX/Print Settings function, the System Manager can limit
network access to the device to specific IP addresses or ranges for printing.
Up to eight individual or consecutive address settings can be specified.
Subsequently, the System Manager can also choose to permit a range of
addresses, but reject specific addresses within that range.
Unless an address has been restricted by the RX/Print Settings function,
the Setting/Browsing Range feature will permit all users to print from their
PCs. However, this setting can also alter whetherspecific users can use
Remote UI functionality or not. To block access to the Remote UI utility,
System Managers simply need to go to Network Settings
TCP/IP
Settings
IP Address Range Settings
Setting/Browsing Range and
enter in the IP address of the devices they wish to block. Like the RX/Print
Settings, the System Manager can set a total of eight settings of either
individual addresses or ranges.
Media Access Control (MAC) Filtering
MAC address filtering is useful for smaller networks where administrators can manage controls for
specific systems, regardless of the subnet to which they happen to be connected. For
environments using Dynamic Host Configuration Protocol (DHCP) for IP address assignments, MAC
address filtering can avoid issues that are caused when DHCP leases expire and a new IP address
is issued to a system. As with IP address filters, MAC address filters can be used to allow or deny
access to specific addresses. Up to 100 MAC addresses can be registered and easily added, edited,
or deleted through the Remote UI interface. MAC address filters take a higher priority than the IP
address filters; so necessary systems can be allowed or denied, even if the system’s IP address
would dictate otherwise.
IPv6 Support
IPv6 support is available in all newly released imageRUNNER/imagePRESS models, and available
through a firmware upgrade for some older devices. IPv6 provides a more secure network
infrastructure, improved traffic routing and easier management for administrators than IPv4. The
United States Department of Defense (DOD) has established the goal of transitioning all their
networked devices to the next generation of IPv6 by Fiscal Year 2008. Other agencies
government-wide are beginning to move towards this trend and require IPv6 for all networked
devices.
IPsec Support*
The latest imageRUNNER/imagePRESS devices support an optional IPSec Board, which allows
users to utilize IPSec (Internet Protocol Security) to ensure the privacy and security of information
sent to and from the device, while in transit over unsecured networks.
IPSec is a suite of protocols for securing IP communications. IPSec supports secure exchange of
packets at the IP layer, where the packets in the data stream are authenticated and encrypted.
It encrypts traffic so that the traffic cannot be read by parties other than those for whom it is
intended, it also ensures that the traffic has not been modified along its path and is from a trusted
party, and protects against replay of the secure session. The IPSec functionality of the device only
supports transport mode, therefore authentication and encryption is only applied to the data part
of the IP packets.
OOnnccee yyoouu iinnssttaallll tthhee ooppttiioonnaall IIPPSSeecc B
Booaarrdd ttoo tthhee ddeevviiccee,, yyoouu ccaann uussee IIPPSSeecc ccoommmmuunniiccaattiioonnss bbyy
ggooiinngg ttoo NNeettwwoorrkk SSeettttiinnggss TTCCPP//IIPP SSeettttiinnggss
IIPPSSeecc SSeettttiinnggss aanndd sseett <<UUssee IIPPSSeecc>> ttoo [[OOnn]]..
([IPSec
Settings] is only displayed on the TCP/IP Settings screen if the optional IPSec Board is installed on
the device). See the imageRUNNER/imagePRESS manual for the specific device in question for
additional instructions on registering IPSec-based security policies.
IP Address Range Settings Screen
Section 2 — Canon’s Imaging & Printing Security Framework
*Not available on all imageRUNNER/imagePRESS models.